Prevent program installations from running

Onion Connect is an advanced onion router client that enables other browsers than tor to access the onion network. the guy is bright.

Advanced Onion Router is designed to be a portable client for TOR networks and intended to be an improved alternative for Tor+Vidalia+Privoxy bundle. It can "force" a program and its plugins to use the Tor proxy regardless of its configured proxy settings.

The important part "force a program and its plugins to use the Tor proxy", and use any "program you want".

Who's that guy ?

It is hopeless. Now I find there is also Psiphone3 proxy as well.

Just check the programs here: Download VPN and Proxy Software | LO4D.com

I need to block all of this! All! But how?

Some of these programs don't even install anything. It is just exe file that immediately starts working so no UAC at all. There must be a way to deal with this.

It is possible to stop torbrowser.exe from Security Center or if already install (first rule). It is also possible to neutralize Tor in Norton LifeLock.

-Security Center Exploit Protection

Security Center > App & browser control > Exploit protection settings > Program settings > Add program to customize > by path

The first rule is when the app is already install and easier to stop (blocks start tor browser). Second and third is the executable file for the Documents and Downloads folders. Fourth is the executable file in the standard account (Downloads).

They all block the process, the problem is the version number and the install folder that could be anyone. Keep in mind that if you locate the package, it will never start with a by path rule. Same for firefox.exe inside tor folders.

Adding a path rule works with or without Defender.

-Norton Firewall Settings

It is possible to block the app from running in Norton LifeLock.

Settings > Firewall > Program Control > Tor > Access > Block. The browser opens, but has no connection.

To tell you how hard Tor is, if you set the obsf4proxy bridge in settings, connection is possible. So, you have to block this second connection: obsf4proxy.

After the second rule, Tor is dead:

Code:

Tor failed to establish a Tor network connection.
 Connected to a Tor relay failed (TLS_ERROR - 192.0.2.2:2).

The second bridge takes time to connect , it is called snowflake-client and needs a third rule.

1. Tor.exe location: Blocked
2. Bridge connection OBSF4Proxy: Blocked
3. Bridge connection Snowflake: Blocked
4. Bridge connection Meek-azure has no effect
5. Request a bridge is not connecting: Blocked

Norton settings page is not available in a standard account. Tor shouldn't be present on the admin account.
Plus, if a guy knows how to handle advanced option (proxy) in settings, you will have to block this connection too.

Under normal condition, the first rule prevents Tor from reaching the web.

Hope this help,

The tool you need to use to block software installations (like installing Tor or Onion services) is AppLocker. It's a free Microsoft product for managing Windows systems. It prevents any unwanted software (exe files) from running. Essentially, you first use it to take a "snapshot" of a system which contains only approved software. You then use it to apply rules to other systems. Those rules prevent users of those systems from running any other software. For a more detailed overview, see https://docs.microsoft.com/en-us/win...ocker-overview
That page includes links to instructions on how to apply AppLocker.

As I wrote previously, though, you also need to cope with this problem administratively. Management needs to make it clear to employees that using company resources for non-work related activities (like installing un-approved software) is not permitted and infractions will be dealt with appropriately. Trying to block such activity on your own without management approval is what is known as "a career limiting move." I.e. you are the one most likely to get fired.

oops. sorry: the ... got copied into the URL. The correct URL at Microsoft is
https://docs.microsoft.com/en-us/win...ocker-overview

(The forum software won't let me correct the post above.)